Android Lollipop Lock Screen Can be Bypassed Using Really Long Password

Any Android Lollipop device that is not using the latest build of the mobile operating system is vulnerable to having its lock screen bypassed by inputting a long string of characters as password. The bypass was discovered by researchers from the University of Texas this week and can be applied to any Android 5 device that does not have the latest security updates, released last week.

“A vulnerability exists in Android 5.x <= 5.1.1 (before build LMY48M) that allows an attacker to crash the lockscreen and gain full access to a locked device, even if encryption is enabled on the device,” the researchers wrote on the University of Texas blog. “By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen.”

The Texas researchers also included a proof-of-concept video, tested using a Nexus 4 with an Android 5.1.1 factory image:

Google has patched the flaw, but in the meantime it is advised that Android Lollipop users that do not have the latest updates use either a PIN or pattern lock, since neither are vulnerable to the above exploit.

Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Check out our Latest Video

Speak Your Mind

Tell us what you're thinking... and oh, if you want a pic to show with your comment, go get a gravatar!